Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Increase max ICMP ping size

    IPsec
    2
    4
    9927
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      seank last edited by

      I did a search for "increase max ping/ICMP size" but didn't come up with any answers.

      I use to have an Astaro to strongSWAN IPSec tunnel. Now have an Astaro to pfsense  IPSec tunnel and the following problem came up.

      I need to be able to do "large" pings(2048) over my VPN due to the way some Microsoft junk works.

      thanks in advance

      C:\Program Files\Support Tools>ping 192.168.5.1  -l 1024

      Pinging 192.168.5.1 with 1024 bytes of data:

      Reply from 192.168.5.1: bytes=1024 time=89ms TTL=63
      Reply from 192.168.5.1: bytes=1024 time=90ms TTL=63
      Reply from 192.168.5.1: bytes=1024 time=90ms TTL=63
      Reply from 192.168.5.1: bytes=1024 time=90ms TTL=63

      Ping statistics for 192.168.5.1:
          Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
      Approximate round trip times in milli-seconds:
          Minimum = 89ms, Maximum = 90ms, Average = 89ms
      C:\Program Files\Support Tools>ping 192.168.5.1  -l 2048

      Pinging 192.168.5.1 with 2048 bytes of data:

      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.

      Ping statistics for 192.168.5.1:
         Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

      and strongSWAN

      C:\Program Files\Support Tools>ping 192.168.20.1  -l 2048

      Pinging 192.168.20.1 with 2048 bytes of data:

      Reply from 192.168.20.1: bytes=2048 time=20ms TTL=63
      Reply from 192.168.20.1: bytes=2048 time=37ms TTL=63
      Reply from 192.168.20.1: bytes=2048 time=22ms TTL=63
      Reply from 192.168.20.1: bytes=2048 time=35ms TTL=63

      Ping statistics for 192.168.20.1:
         Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
      Approximate round trip times in milli-seconds:
         Minimum = 20ms, Maximum = 37ms, Average = 28ms

      1 Reply Last reply Reply Quote 0
      • S
        seank last edited by

        $10 paid (paypal) to who ever can give me a definite answer.

        1 Reply Last reply Reply Quote 0
        • E
          eazydor last edited by

          keep your money and buy ice for the kids..

          If you experience packet loss only when using specific protocols (SMB, RDP, etc), you may need to reduce your WAN MTU. IPsec does not handle fragmented packets very well, and a reduced MTU will ensure that the packets traversing the tunnel are all of a size which can be transmitted whole. A good starting point would be 1300, and if that works, slowly increase the MTU until you find the breaking point, then back off a little from there.
          from doc.pfsense.org

          http://doc.pfsense.org/index.php/IPsec_Troubleshooting#Packet_Loss_with_Certain_Protocols

          1 Reply Last reply Reply Quote 0
          • S
            seank last edited by

            Well how is it that I can ping well over ethernet's 1500 MTU with a strongSWAN–strongSWAN IPSec tunnel?

            seank@mob-sean:/work/workspaceCDT/FreeEMS/freeems-vanilla$ ping -s 8000 192.168.20.1
            PING 192.168.20.1 (192.168.20.1) 8000(8028) bytes of data.
            8008 bytes from 192.168.20.1: icmp_seq=1 ttl=63 time=58.1 ms
            8008 bytes from 192.168.20.1: icmp_seq=2 ttl=63 time=44.3 ms
            8008 bytes from 192.168.20.1: icmp_seq=3 ttl=63 time=30.9 ms
            8008 bytes from 192.168.20.1: icmp_seq=4 ttl=63 time=31.1 ms
            8008 bytes from 192.168.20.1: icmp_seq=5 ttl=63 time=28.6 ms
            ^C
            --- 192.168.20.1 ping statistics ---
            5 packets transmitted, 5 received, 0% packet loss, time 4005ms
            rtt min/avg/max/mdev = 28.623/38.642/58.148/11.205 ms
            seank@mob-sean:/work/workspaceCDT/FreeEMS/freeems-vanilla$ ping -s 8000 192.168.5.1
            PING 192.168.5.1 (192.168.5.1) 8000(8028) bytes of data.
            ^C
            --- 192.168.5.1 ping statistics ---
            19 packets transmitted, 0 received, 100% packet loss, time 18142ms
            ?
            Thx!
            Sean

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense Plus
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy